Probably by the time you read this, I’ll be on the road to kohacon12. It’s been a fun week or so with the final arrangements on top of our other planned work and some unexpected work too, but I think we’ve done enough and it will all come together. (There are still a few places left if you’d like to register, but not lots.)

The most nerve-wracking bit has been the sponsorship. Kohacons are free to attend and funded entirely by sponsors, which is great in so many ways. It’s a bit scary for the host organisation(s), but I think the community has helped so much that it’ll break even. We won’t know for sure until the final reckoning in a month or so. One unneeded worry was Paypal freezing our account for a couple of weeks and sending us contradictory and absurd demands for information. Why isn’t there an easier way to get money out of the USA (and Australia and NZ, actually) that isn’t either slow (cheques) or expensive (wire)? Once again, I’m left feeling that banks are being a big problem for business.

The best bit has been the spirit of the volunteers. Our co-op couldn’t have done this without them. Some of them have gone a really long way to help – metaphorically, bailing us out while Paypal was chewing up our time, and sometimes physically, flying around the world… I’ll be raising a glass to all of them, whether they’re in Edinburgh or not.

Stop using CAPTCHAs. It’s time to switch to DLT: Design, Limit and Trapdoor.

“[a certain website] has the evil bad wrong Google reCaptcha on the edit page to stop disabled users, so screw it. Google’s reCaptcha seems to be spreading again, obstructing more people when accessing more websites. Is there a reason for that? The re in reCaptcha stands for replace with real anti-spam, please!“

I wrote the above about two years ago and it’s not getting any better. I’ve written similar things over the last ten years, as have many others, and I’ve always sought to avoid using physical ability tests as a way to cut down spammers.

Why do people keep reaching for the reCaptcha non-captcha or things that use similar bad eyetests like Mollom? So most online messages may be spam, but those physical ability tests do nothing to test for spam. They’re trying to detect computer submissions (the TCHA in CAPTCHA is meant to be Telling Computers and Humans Apart), but that’s really bad when the computer is helping someone with a disability to access the internet.

People from the home of the CAPTCHA describe access for sight and hearing-impaired users as “an important open problem for the project” (Luis von Ahn, Manuel Blum and John Langford. Telling Humans and Computers Apart Automatically. In Communications of the ACM). Until that problem is closed, CAPTCHAs should be considered defective and removed whenever possible.

What webmasters should do instead is DLT:

Design it well: Set up sites so the spammers cannot get a quick win in the first place. Configure permissions and things like that so people have to do some work before they are trusted to post links. This is similar to the basic theory behind my Open Activism paper Fighting in the Shadows. This is much easier to do if the system is Free and Open Source Software (FOSS), too.

Limit the damage: include rate limits to stop one person causing you lots of work: even with computer-assistance, few people need to post 10 forum messages every minute. Join up in co-operative anti-spam networks like blogspam.net so if they hurt you, others can see them coming. Again, it’s easier to hook into a network if you’re using FOSS.

Trapdoor: keep a way for people to contact you if they are really blocked by your design decisions and limitation and keep a way to exempt them from the limits if needed. Make it welcoming because disabled users are tired of reporting barriers to webmasters who don’t care and will never fix the web. A good multi-step eyetest-free contact form is a basic way to do this.

Have you tried this? Have your experiences been as good as our co-op’s? Are there sites you don’t think it would work for? A comments form is on the original of this article, as ever.

So now I need to figure out who to vote for. This year I didn’t take part in the discussions (all my spare time was bought, basically). The platforms are linked from the Debian Project Leader Elections 2012 page above and the key discussions were:

Gergely and Wouter: on the need of becoming a DPL – It seems they mainly want the freedom and a few style changes, but I feel Wouter makes a bit of a pig’s ear of this discussion, seemingly insulting Stefano at one point and even defending the broken Mail-Followup-To because it would help him use reply-all for everything.

We, the undersigned, hereby state that we expressly and unequivocally oppose the advertising of proprietary software products on government websites.

Such advertising breaches impartiality and encourages citizens to employ technologies that unnecessarily restrict their freedom. The role of government is not to support certain market participants and not others, particularly when doing so works to maintain the monopolies of global software companies.

In explanations of how to use digital resources that they provide, government agencies should clarify that multiple methods are available, and favour technologies which do not restrict users’ digital rights; by linking to PDFreaders.org, for example.

Free Software guarantees the users right to use (for any purpose), study (without secrets), share (with anyone), and improve the software that they use. Public institutions should publish their documents in formats that can be read with Free Software. Indeed, many Free Software applications exist for reading such documents. Governments should lead citizens to freedom, and encourage them to make use of these applications.

Sincerely,

Our co-op and 56 other businesses, 69 organisations and over 2200 individuals so far.

There was some time for networking, as well as a relaxed end to the day which let me catch up with a few more people. I would have preferred a little more time for the workshops and a little less on case studies (every food co-op is different and I don’t think any of the featured ones were quite what I was looking for), but that’s a very minor thing and didn’t really reduce the usefulness of the whole day.

Our co-op is a tech worker co-op and not a food co-op, so I didn’t know that much about how to start one before the event. Now I’ve got a much better idea of what I need to do when I eventually move back out to what may be a co-op desert in King’s Lynn.

Are you a member of a food co-op or buying group? If so, what would you say about it? Were you involved in its start-up?

Readers who look at our blog itself (rather than one of the lovely sites that reprint our articles) may have noticed that you can now comment in either the usual WordPress way (Name/Email/Link) or by logging in with a social media profile from one of a large range of providers, including WordPress, Livejournal, Yahoo, Google and many more.

This uses the broadly-cooperative openID system. If you run a website that accepts reader contributions, you should allow comments with openid because it helps people to use their existing social media membership without you having to surrender any control to facebook, twitter, or anyone else (unless you choose to). You also don’t have to ask your readers to weaken their security settings like with disqus (which requires javascript and third-party cookies).

The comment form on our site is powered by the openid plugin, together with our co-op’s version of the comments-with-openid plugin which can be downloaded from our site. Please download them if you’d find them useful for your WordPress site. (I’d love to adopt the official comments-with-openid at wordpress.org because the previous maintainer doesn’t answer – anyone know how to do that? I’m surprised it’s not in the FAQ.)

Do you use some other platform? What tools have let you add openid logins to it? For example, Drupal has some openID support in its core distribution: what else is out there?

Software in the Public Interest, the mass-membership association that supports some great Free and Open Source Software projects, will hold a public board of directors meeting today, Thursday 9th February 2012 at 21:00 UTC. The day and time of SPI meetings has changed recently, so maybe different people can get to them now.

There’s also been a new Anti-Counterfeiting Trade Agreement factsheet from European Digital RIghts (EDRI), as apparently there are a lot of misconceptions about ACTA. I don’t feel that has been helped by some spectacular misdirection from the European Commission in its latest “10 Myths” paper (linked from the EDRI factsheet) which is almost as interesting for what it doesn’t mention (like sneaking ACTA through the parliament fisheries committee), what it misunderstands (like the near-uselessness of a non-commercial exemption to Free and Open Source Software or Creative Commons users), and the way it fails to rebut the final point that ACTA was done this way to avoid the oversight of the World Trade Organisation! I mean, if they can’t even get it past the usually very pro-enforcement WTO, surely that should tell you something?

If you can, would you please go along and join your nearest march? Recent marchers seem to have been wearing stylised Guy Fawkes masks, but how would that be viewed in London?

Sometimes two campaigns that I care about a lot pick the same day to hold an awareness-raising drive. It happened again on Tuesday.

The one I took part in was advertising the Stop ACTA London Protest on Sat 11 Feb. The Anti-Counterfeiting Trade Agreement (#ACTA) is a plurilateral international agreement on enforcement of so-called “intellectual property rights” – copyrights, trademarks and so on. It’ll have major implications for freedom of expression, access to culture and privacy. It will also harm international trade and stifle cooperation. (More background at EDRI or a fairly large AJE page – thanks to Occupy Bristol for the AJE link.)

So the one I didn’t support at the time was the Move Your Money UK launch day. That’s a great idea too, suggesting that if we, the 99%, are actually unhappy with the big banks and their titled leaders, we should move as much as possible out of those banks and into financial institutions that we control. As you might expect for someone whose first memory of mutuals is a trust account at the local building society, I support that too. I still have building society accounts, as well as banking with the co-op bank and recently joining my local credit union. I’ve moved my money. Why don’t you?

I didn’t try to support both campaigns simultaneously on social networks because I thought it would reduce the number of people who saw my message. I backed the ACTA protest because a lot of my networks were already discussing Move Your Money and I thought Stop ACTA would benefit more. Was that the right decision? Who can tell? What would you have done?

I started buying from o2 in December. I was using Three, but their network where I stay in Norfolk isn’t reliable and you can’t just buy a device in a shop for The Phone Co-op. The dongle from o2 is a recent Huawei USB device that just worked in debian and was fairly easy for me to get working in Ubuntu. There’s space in it for a memory card, so maybe I could boot from it… but that’s an idea for later.

The o2 deal is OK but not great, and the included wifi is nowhere near as good as it looked: when it says it includes “BT Openzone” that doesn’t include any of the “BT Openzone-H” hotspots that are much more common. You’re only allowed to register one device for wifi, so no using your phone, tablet and laptop at different times!

I can’t believe it’s legal to advertise that as “unlimited wifi”, but o2 is still a better offer than access to “BT Openzone-H” hotspots at £39/month (yes, that’s the price for wifi-only…).

Ultimately, I think the problem is that there’s a rubbish choice of mobile (wifi or 3G) internet access providers in the UK. It’s a completely and utterly failed market, so you need to use Virtual Private Networks and similar tricks to protect yourself from the dysfunctional networks. My VPN meant my mobile number was safe: how about yours?

As luck would have it, I had already proposed a resolution about protecting customer privacy to The Phone Co-op (affiliate link) for our AGM on Saturday 4 February (if you’re a member, let me know). We were trying to find a compromise wording and I don’t think this little o2 scandal has hurt my proposal at all!

At least the phone co-op’s mobile service is based on Orange’s network, which wasn’t affected. How does your network perform? There’s an Internet Service Provider evilness test which might tell you.